CVE-2021-33670

7.5HIGH

Key Information:

Vendor: SAP
Status: SAP Netweaver As For Java (http Service)
Vendor: CVE Published:; 14 July 2021

Summary

SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.

Affected Version(s)

SAP NetWeaver AS for Java (Http Service) < 7.10 < 7.10

SAP NetWeaver AS for Java (Http Service) < 7.11 < 7.11

SAP NetWeaver AS for Java (Http Service) < 7.20 < 7.20

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3056652

x_refsource_MISC

http://seclists.org/fulldisclosure/2022/May/4

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 14, 2021
Vulnerability Reserved
May 28, 2021

.